Industry interview with NetDocuments: Vanishing act
This article was also featured as an industry interview in the June 2016 issue of Briefing. To read the issue in full, download Briefing.
With law firms emerging as a selfacknowledged ‘weak link’ in the flow of business information, data security is emerging as a possible – if perhaps troubling – differentiator of service.
But it’s not just a question of who has the most stringent policies in place to fend off intruders. Firms must carefully balance their investment in protection with the need to be as efficient and productive as possible. Fireproofing against the outside world won’t help much if it means the fee earner can’t possibly do his or her job better than their counterpart one door down.
“It’s a thin tightrope to walk,” says Daniel Ibrahim, director of strategic accounts at “true cloud” provider NetDocuments. “The very highest security settings risk the lawyer’s access to information becoming too time-consuming. The bar has to be lowered a bit in the interests of usability, but the lower it goes the wider the possibility of a breach.”
It’s a vicious seesaw. Nevertheless, Ibrahim says firms should certainly err or the side of caution. NetDocuments, after all, has invested in back-end infrastructure and end-user technology to ensure security and compliance including individual document encryption, encryption key management and quantum key generation, as well as ISO 27001 certification.
“It should also be noted that either the law firm or its clients can hold the encryption keys, and even manage the data storage. The power is with them, resolving concerns around data sovereignty and silent subpoena defence.”
So far, so secure. So the tricky bit, clearly, must be letting the lawyers into – and around – their data in a timely fashion. That’s assuming, however, that the document management system is used as intended in the first place. According to Ibrahim, it may be more of an assumption than you’d think.
“Average user adoption rates with traditional on-premises or hosted on-premises document management are in the 40-60% range,” he says. The remainder of the data simply isn’t entered in the system for encryption to secure. “From an information governance standpoint, that’s a big problem,” he says.
“I have seen lawyers come up with incredibly creative ways to avoid a document management system – simply because their day-to-day work becomes that much easier. However, that means silos of information stored on multiple memory sticks, which create the data leaks that security is trying to avoid.
“It’s not because they like breaking the rules. Time is just so precious that it’s a waste to use it to find the right place for a file to be stored.”
The invisible management
The solution for Ibrahim is “invisible document management” – something so intuitive that you hardly realise it’s happening.
“It’s things like predictive email filing that truly empower a lawyer. If a document’s received, and the system believes with, for example, 95% accuracy it should be in a particular workspace, that’s where the system files it. There’s no need to remember every last subfolder of every single directory. A firm can also lower the threshold, of course. It all depends on what the firm is trying to achieve.”
Another aspect is the customisable native web interface that immediately taps into the swipeand-favourite expectations of the Facebook generation.
“Lawyers can even have a single client or matter loaded as their front screen,” says Ibrahim. Coupled with ndOffice (embedded integration with Microsoft Office) the features are connecting enterprise security with demands for productivity. Somewhat ironically, law firms’ chief concerns about the cloud have until now centred on the idea of security weakness and data sovereignty weakness that Ibrahim pledges to solve. “If you can’t allow a specific matter’s information to leave a specific region or country, that’s very easy to manage now,” he says. As well as weighing up against usability and likelihood of adoption, however, whichever route you follow, firms also need to balance security choices against their price tag.
The benefit of choosing ‘”true cloud” is that the cost is entirely predictable, he says.
“There are always several free and automatic upgrades a year – incremental improvements – and everyone’s always on the same instance. There’s no need to schedule a time for maintenance or the resource to test it. It’s the one-to-many delivery model – and it happens automatically.”
In other words, there’s no risk of neglect or mistakes – in this aspect of service, at least.
Collaborating reliably and securely on a single client matter from every office around the world is an enormous challenge for a global law firm at the best of times. But if you have this “platform of single instance”, he says, that too all but disappears.